povertystealer | 704c6726ac624046f3a428f5dd6c1e461d9172cea5cdb313f176d361454a0419 | Triage

Submit
Reports

Overview

overview

Static

static

1

photoshop.lnk

windows10-2004-x64

Sharing

General

Target

photoshop.lnk
Size

1KB
Sample

240304-y25r9sdb46
MD5

e0c8dc3509ab18f1feae1a35ee36a82a
SHA1

46560534976b84abe00123d821fbdfab148403e4
SHA256

704c6726ac624046f3a428f5dd6c1e461d9172cea5cdb313f176d361454a0419
SHA512

171db39c91a149735316379111572e267ab874cbf3925956afcc0fc2a1e0a57825f096aaf6d43fc5de03f6cce2822131ff9bf7c72204a7d8d38bd32a32844392

Score

10^/10

povertystealer evasion spyware stealer trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

photoshop.lnk

Resource

win10v2004-20240226-en

povertystealer evasion spyware stealer trojan upx

windows10-2004-x64

19 signatures

150 seconds

Malware Config

Extracted

Language

hta

Source

URLs

hta.dropper

http://91.92.251.35/Downloads/Lar/photoshop

Targets

- Target
  
  photoshop.lnk
- Size
  
  1KB
- MD5
  
  e0c8dc3509ab18f1feae1a35ee36a82a
- SHA1
  
  46560534976b84abe00123d821fbdfab148403e4
- SHA256
  
  704c6726ac624046f3a428f5dd6c1e461d9172cea5cdb313f176d361454a0419
- SHA512
  
  171db39c91a149735316379111572e267ab874cbf3925956afcc0fc2a1e0a57825f096aaf6d43fc5de03f6cce2822131ff9bf7c72204a7d8d38bd32a32844392
Score

10^/10

povertystealer evasion spyware stealer trojan upx
- Detect Poverty Stealer Payload
- Poverty Stealer
  Poverty Stealer is a crypto and infostealer written in C++.
  stealer povertystealer
- UAC bypass
  evasion trojan
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

povertystealerevasionspywarestealertrojanupx

© 2018-2025

Terms | Privacy